371 matches found
CMS WebManager-Pro Cross Site Scripting / SQL Injection
Hello Bugtraq! I want to warn you about Cross-Site Scripting and SQL Injection vulnerabilities in CMS WebManager-Pro. It's a Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are CMS WebManager-Pro v.7.4.3 version from FGSStudio and previous...
W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion
Hello Full-Disclosure! I want to warn you about new Cross-Site Scripting and Local File Inclusion vulnerabilities in W-Agora. ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous versions. ---------- Details: ---------- XSS WASC-08:...
Vulnerabilities in W-Agora
Hello 3APA3A! I am reporting the Cross-Site Scripting and Local File Inclusion vulnerabilities I found in W-Agora. XSS WASC-08: http://site/news/search.php3?bn=3Cbody20onload=alertdocument.cookie3E Local File Inclusion WASC-31: It is possible to include php files with the php3 extension in W-Agora version 4.1.5...
W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion
Hello Full-Disclosure! I want to warn you about Cross-Site Scripting and Local File Inclusion vulnerabilities in W-Agora. In addition to vulnerabilities in this system which I found and disclosed in 2006 SecurityVulns ID: 6960. ------------------------- Affected products: ------------------------...
AltConstructor Cross Site Scripting
Hello Full-Disclosure! I want to warn you about Cross-Site Scripting and Brute Force vulnerabilities in AltConstructor. It's a Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are all versions of CMS AltConstructor, before version released ...
CMS WebManager-Pro SQL Injection
Hello Bugtraq! I want to warn you about SQL Injection and Redirector URL Redirector Abuse vulnerabilities in CMS WebManager-Pro SecurityVulns ID:11108. It's a Ukrainian commercial CMS. SQL Injection: http://site/c.php?id=1%20and%20version=5 Redirector:...
eSitesBuilder Cross Site Scripting / Path Disclosure / SQL Injection
Hello Full-Disclosure! I want to warn you about multiple vulnerabilities in eSitesBuilder. After previous vulnerabilities in eSitesBuilder SecurityVulns ID:10940, which I wrote earlier in June, there are Insufficient Anti-automation, Cross-Site Scripting, SQL Injection and Full path disclosure...
Multiple vulnerabilities in eSitesBuilder
Hello 3APA3A! I am reporting the Insufficient Anti-automation, Cross-Site Scripting, SQL Injection and Full path disclosure vulnerabilities I found in eSitesBuilder (this is a Ukrainian commercial CMS). Insufficient Anti-automation: http://site/forget.php The form has no protection against automated...
Vulnerabilities in Dataface Web Application Framework
Hello Bugtraq! I want to warn you about security vulnerabilities in Dataface Web Application Framework. ----------------------------- Advisory: Vulnerabilities in Dataface Web Application Framework ----------------------------- URL: http://websecurity.com.ua/4276/ -----------------------------...
Multiple vulnerabilities in MC Content Manager
Hello Bugtraq! I want to warn you about Cross-Site Scripting and SQL Injection vulnerabilities in MC Content Manager. Which I found in this CMS in 2007 and 2009 at the site of SZRU Foreign Intelligence Service of Ukraine - it's a Ukrainian special service similar to CIA and MI6 SIS. From 8...
MC Content Manager Cross Site Scripting / SQL Injection
Hello Bugtraq! I want to warn you about Cross-Site Scripting and SQL Injection vulnerabilities in MC Content Manager. Which I found in this CMS in 2007 and 2009 at the site of SZRU Foreign Intelligence Service of Ukraine - it's a Ukrainian special service similar to CIA and MI6 SIS. From 8...
SQL Injection vulnerability in coWiki
Hello Bugtraq! I want to warn you about security vulnerability in coWiki. Earlier I already wrote about XSS vulnerability in coWiki - SecurityVulns ID:8005 http://securityvulns.ru/Rdocument692.html. ----------------------------- Advisory: SQL Injection vulnerability in coWiki...
Vulnerabilities in SimpNews
Hello Bugtraq! I want to warn you about security vulnerabilities in SimpNews. ----------------------------- Advisory: Vulnerabilities in SimpNews ----------------------------- URL: http://websecurity.com.ua/4245/ ----------------------------- Affected products: SimpNews V2.47.03 and previous...
WordPress in Cimy Counter Multiple Vulnerability
Exploit for php platform in category web applications ================================================ WordPress in Cimy Counter Multiple Vulnerability ================================================ ----------------------------- Affected products: Cimy Counter 0.9.4 and previous versions...
Cimy Counter For Wordpress Full Path Disclosure / Cross Site Scripting
Hello Full-Disclosure! I want to warn you about security vulnerabilities in plugin Cimy Counter for WordPress. ----------------------------- Advisory: Vulnerabilities in Cimy Counter for WordPress ----------------------------- URL: http://websecurity.com.ua/4170/ -----------------------------...
eSitesBuilder Cross Site Scripting
Hello Full-Disclosure! I want to warn you about security vulnerabilities in eSitesBuilder. It's a Ukrainian CMS which is used particularly for e-commerce sites. These vulnerabilities I found in 2007-2008 at one online shop site and later I found some of these vulnerabilities at another site on...
Firebook XSS / XSRF / Directory Traversal / Full Path Disclosure
Hello Bugtraq! I want to warn you about security vulnerabilities in Firebook. ----------------------------- Advisory: Vulnerabilities in Firebook ----------------------------- URL: http://websecurity.com.ua/4124/ ----------------------------- Affected products: all versions of Firebook...
Vulnerabilities in Firebook
Hello 3APA3A! I am reporting the Information Leakage, Cross-Site Request Forgery, Cross-Site Scripting, Directory Traversal and Full path disclosure vulnerabilities I found in Firebook. Information Leakage: http://site/pathtofirebookadmin/?URLproxy=http://firebook.ru/env/index.html; CSRF:...
Vulnerabilities in plugin Gigya Socialize for WordPress
Hello 3APA3A! I am reporting the Cross-Site Scripting and Full path disclosure vulnerabilities I found in the Gigya Socialize plugin for WordPress. XSS: http://site/?223E3Cscript3Ealert/XSS/3C/script3E The XSS occurs in the login widget of this plugin. Full path disclosure:...
DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
Hello Bugtraq! I want to warn you about security vulnerabilities in different browsers. With this advisory I'm continuing my series of vulnerabilities in browsers, which belong to the group of DoS via protocol handlers. ----------------------------- Advisory: DoS vulnerabilities in Firefox, Internet...